Total
3012 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-37977 | 1 Microsoft | 9 Windows 11 21h2, Windows 11 21h2, Windows 11 22h2 and 6 more | 2026-02-10 | 8 High |
| Secure Boot Security Feature Bypass Vulnerability | ||||
| CVE-2024-38077 | 1 Microsoft | 10 Windows Server 2008, Windows Server 2008 R2, Windows Server 2008 Sp2 and 7 more | 2026-02-10 | 9.8 Critical |
| Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability | ||||
| CVE-2024-38060 | 1 Microsoft | 22 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 19 more | 2026-02-10 | 8.8 High |
| Windows Imaging Component Remote Code Execution Vulnerability | ||||
| CVE-2024-38054 | 1 Microsoft | 23 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 20 more | 2026-02-10 | 7.8 High |
| Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability | ||||
| CVE-2024-38051 | 1 Microsoft | 23 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 20 more | 2026-02-10 | 7.8 High |
| Windows Graphics Component Remote Code Execution Vulnerability | ||||
| CVE-2024-38025 | 1 Microsoft | 23 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 20 more | 2026-02-10 | 7.2 High |
| Microsoft Windows Performance Data Helper Library Remote Code Execution Vulnerability | ||||
| CVE-2024-37987 | 1 Microsoft | 19 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 16 more | 2026-02-10 | 8 High |
| Secure Boot Security Feature Bypass Vulnerability | ||||
| CVE-2025-24477 | 1 Fortinet | 1 Fortios | 2026-02-10 | 4 Medium |
| A heap-based buffer overflow vulnerability in Fortinet FortiOS 7.6.0 through 7.6.2, FortiOS 7.4.0 through 7.4.7, FortiOS 7.2.4 through 7.2.12 allows an attacker to escalate its privileges via a specially crafted CLI command | ||||
| CVE-2025-46643 | 1 Dell | 1 Data Domain Operating System | 2026-02-05 | 2.3 Low |
| Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.4.0.0, LTS2025 release version 8.3.1.10, LTS2024 release versions 7.13.1.0 through 7.13.1.40, LTS 2023 release versions 7.10.1.0 through 7.10.1.70, contain a Heap-based Buffer Overflow vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Denial of service. | ||||
| CVE-2025-7208 | 1 9fans | 1 Plan9port | 2026-02-02 | 5.5 Medium |
| A vulnerability was found in 9fans plan9port up to 9da5b44. It has been classified as critical. This affects the function edump in the library /src/plan9port/src/libsec/port/x509.c. The manipulation leads to heap-based buffer overflow. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The identifier of the patch is b3e06559475b0130a7a2fb56ac4d131d13d2012f. It is recommended to apply a patch to fix this issue. | ||||
| CVE-2025-70299 | 1 Gpac | 1 Gpac | 2026-01-30 | 6.5 Medium |
| A heap overflow in the avi_parse_input_file() function of GPAC v2.4.0 allows attackers to cause a Denial of Service (DoS) via a crafted AVI file. | ||||
| CVE-2024-37080 | 1 Vmware | 2 Cloud Foundation, Vcenter Server | 2026-01-24 | 9.8 Critical |
| vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution. | ||||
| CVE-2025-2912 | 1 Hdfgroup | 1 Hdf5 | 2026-01-23 | 3.3 Low |
| A vulnerability was found in HDF5 up to 1.14.6. It has been declared as problematic. Affected by this vulnerability is the function H5O_msg_flush of the file src/H5Omessage.c. The manipulation of the argument oh leads to heap-based buffer overflow. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-6270 | 1 Hdfgroup | 1 Hdf5 | 2026-01-23 | 5.3 Medium |
| A vulnerability, which was classified as critical, has been found in HDF5 up to 1.14.6. Affected by this issue is the function H5FS__sect_find_node of the file H5FSsection.c. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-70302 | 1 Gpac | 1 Gpac | 2026-01-23 | 5.5 Medium |
| A heap overflow in the ghi_dmx_declare_opid_bin() function of GPAC v2.4.0 allows attackers to cause a Denial of Service (DoS) via a crafted input. | ||||
| CVE-2025-70303 | 1 Gpac | 1 Gpac | 2026-01-23 | 5.5 Medium |
| A heap overflow in the uncv_parse_config() function of GPAC v2.4.0 allows attackers to cause a Denial of Service (DoS) via a crafted MP4 file. | ||||
| CVE-2025-70310 | 1 Gpac | 1 Gpac | 2026-01-23 | 5.5 Medium |
| A heap overflow in the vorbis_to_intern() function of GPAC v2.4.0 allows attackers to cause a Denial of Service (DoS) via a crafted .ogg file. | ||||
| CVE-2023-47038 | 3 Fedoraproject, Perl, Redhat | 5 Fedora, Perl, Enterprise Linux and 2 more | 2026-01-22 | 7 High |
| A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer. | ||||
| CVE-2025-14425 | 1 Gimp | 1 Gimp | 2026-01-20 | 7.8 High |
| GIMP JP2 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JP2 files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28248. | ||||
| CVE-2025-12840 | 1 Openexr | 1 Openexr | 2026-01-15 | 7.8 High |
| Academy Software Foundation OpenEXR EXR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Academy Software Foundation OpenEXR. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of EXR files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-27948. | ||||